As201354: Difference between revisions

Revision as of 21:53, 11 February 2026

Anycast Nodes 2001:67c:8d4::/48
ID	Location	Provider	Public /56 block	Internal /64
0	🇨🇭Zurich	https://www.securebit.ch/	2001:67c:8d4:100::/56	fd00:0:0:1::2/128
1	🇩🇪Düsburg	https://www.securebit.ch/	2001:67c:8d4:200::/56	fd00:0:0:1::3/128

Adding a new Node on master

/ip/firewall/filter add chain=input action=accept protocol=udp dst-port=9999 comment="Allow WG incoming"

/ipv6 address add address=2001:67c:8d4:XXXX::1/56 interface=ether1

/interface wireguard peers add interface=wg-internal \
    public-key="NODE_PUBLIC_KEY" \
    allowed-address=fd00:0:0:1::XXXX/128,2001:67c:8d4:XXXX::/56 \
    persistent-keepalive=25

/ipv6 route add dst-address=2001:67c:8d4:XXXX::/56 gateway=fd00:0:0:1::X

Adding a new node on node

/interface wireguard add name=wg-internal mtu=1420

/ipv6 address add address=fd00:0:0:1::XXXX/64 interface=wg-internal advertise=no

/interface wireguard peers add interface=wg-internal \
    public-key="MASTER PUBLIC=" \
    endpoint-address=XXXXXXXX \
    endpoint-port=XXXX \
    allowed-address=fd00:0:0:1::XXXX/128,2001:67c:8d4::/48 \
    persistent-keepalive=25

Checking that it works

# on master 

/ping fd00:0:0:1::X interface=wg-internal   
/ping 2001:67c:8d4:XXXX::1
# on node

/ping fd00:0:0:1::1 interface=wg-internal